diff --git a/tests/test_commands.py b/tests/test_commands.py
index 9239a67fea57254ed55ff44d58ee0516101d347d..78f24aff469d0647da8f225ba69e1806d86bfb26 100644
--- a/tests/test_commands.py
+++ b/tests/test_commands.py
@@ -596,14 +596,16 @@ def test_renew_generates_new_private_key_if_requested(gctmpdir):
 gimmecert.commands.server(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myserver', None, None, None)
 private_key_after_issuance = private_key_file.read()
- private_key_size_after_issuance = gimmecert.storage.read_private_key(private_key_file.strpath).key_size
+ public_key_after_issuance = gimmecert.storage.read_private_key(private_key_file.strpath).public_key()
+ key_specification_after_issuance = gimmecert.crypto.key_specification_from_public_key(public_key_after_issuance)
 gimmecert.commands.renew(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'server', 'myserver', True, None, None, None)
 private_key_after_renewal = private_key_file.read()
- private_key_size_after_renewal = gimmecert.storage.read_private_key(private_key_file.strpath).key_size
+ public_key_after_renewal = gimmecert.storage.read_private_key(private_key_file.strpath).public_key()
+ key_specification_after_renewal = gimmecert.crypto.key_specification_from_public_key(public_key_after_renewal)
 assert private_key_after_issuance != private_key_after_renewal
- assert private_key_size_after_issuance == private_key_size_after_renewal
+ assert key_specification_after_issuance == key_specification_after_renewal
 def test_status_returns_status_code(tmpdir):
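Review bot: Issuance in this test passes `None` for the key specification, so the new assertion `key_specification_after_issuance == key_specification_after_renewal` holds both when renew copies the old key's specification and when it presumably falls back to the hierarchy default; here it cannot tell the two apart. That looks acceptable because the parametrized test later in this diff issues with non-default specifications, but it deserves a comment above the assertion, for example `# Default specification on both sides; preservation of a non-default one is checked in test_renew_generates_new_private_key_with_same_key_specification_as_old_one.` The start of the function, where `private_key_file` is set up, is outside the hunk, so this assumes nothing there selects a non-default specification.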
@@ -1501,27 +1503,33 @@ def test_client_uses_passed_in_private_key_algorithm_and_parameters_when_generat
 assert private_key.key_size == 1024
-def test_renew_generates_new_private_key_with_same_size_as_old_one(gctmpdir):
+def test_renew_generates_new_private_key_with_different_size_if_requested(gctmpdir):
 private_key_file = gctmpdir.join('.gimmecert', 'server', 'myserver.key.pem')
- gimmecert.commands.server(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myserver', None, None, ('rsa', 1024))
- private_key_after_issuance = private_key_file.read()
+ # Should produce 2048-bit RSA key (default from hierarchy).
+ gimmecert.commands.server(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myserver', None, None, None)
- gimmecert.commands.renew(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'server', 'myserver', True, None, None, None)
- private_key_after_renewal = private_key_file.read()
+ gimmecert.commands.renew(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'server', 'myserver', True, None, None, ("rsa", 1024))
 private_key_size_after_renewal = gimmecert.storage.read_private_key(private_key_file.strpath).key_size
- assert private_key_after_issuance != private_key_after_renewal
 assert private_key_size_after_renewal == 1024
-def test_renew_generates_new_private_key_with_different_size_if_requested(gctmpdir):
+@pytest.mark.parametrize("key_specification", [
+ ('rsa', 1024),
+ ('ecdsa', cryptography.hazmat.primitives.asymmetric.ec.SECP256K1),
+])
+def test_renew_generates_new_private_key_with_same_key_specification_as_old_one(gctmpdir, key_specification):
 private_key_file = gctmpdir.join('.gimmecert', 'server', 'myserver.key.pem')
- # Should produce 2048-bit RSA key (default from hierarchy).
- gimmecert.commands.server(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myserver', None, None, None)
+ gimmecert.commands.server(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'myserver', None, None, key_specification)
+ private_key_after_issuance = private_key_file.read()
- gimmecert.commands.renew(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'server', 'myserver', True, None, None, ("rsa", 1024))
- private_key_size_after_renewal = gimmecert.storage.read_private_key(private_key_file.strpath).key_size
+ gimmecert.commands.renew(io.StringIO(), io.StringIO(), gctmpdir.strpath, 'server', 'myserver', True, None, None, None)
+ private_key_after_renewal = private_key_file.read()
- assert private_key_size_after_renewal == 1024
+ public_key_after_renewal = gimmecert.storage.read_private_key(private_key_file.strpath).public_key()
+ key_specification_after_renewal = gimmecert.crypto.key_specification_from_public_key(public_key_after_renewal)
+
+ assert private_key_after_issuance != private_key_after_renewal
+ assert key_specification_after_renewal == key_specification
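Review bot: `test_renew_generates_new_private_key_with_different_size_if_requested` still asserts only `.key_size == 1024`, so now that a specification carries an algorithm as well as a size, no test in this hunk covers a renewal that is asked to switch algorithm, and the assertion does not pin which algorithm the renewed key uses. The key type a renewed certificate ends up with is worth pinning explicitly, because a silent fallback to a different or weaker key is exactly the failure this test should catch. Consider parametrizing it like the test that follows, deriving the public key the same way, and ending with `assert gimmecert.crypto.key_specification_from_public_key(public_key_after_renewal) == key_specification`. The comment `# Should produce 2048-bit RSA key (default from hierarchy).` is also not backed by an assertion on the issued key, so the test would still pass if the default were already 1024 bits.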